New Security Concerns Raised For Google Docs

← Back to Stories (view on slashdot.org)

New Security Concerns Raised For Google Docs

Posted by Soulskill on Sunday March 29, 2009 @05:24AM from the it's-not-a-bug-it's-a-feature dept.

TechCrunch is running a story about three possible security issues with Google Docs recently uncovered by researcher Ade Barkah. It turns out that an image embedded into a protected document is given a URL which is not protected, allowing anyone who knows or guesses it to see the image regardless of permissions or even the existence of the document. Barkah also pointed out that once you've shared a document with another person, that person can see diagram revisions from any point before they gained access, forcing you to create a new document if you need to redact something. The last issue, the mechanics of which he disclosed only to Google, affects the document-sharing invitation forwarding system, which can allow somebody access to your documents after you've removed their permissions. Google made a blog post to respond to these concerns, saying that they "do not pose a significant security risk," but are being investigated. We previously discussed a sharing bug in Google Docs that was fixed earlier this month.

29 of 92 comments (clear)

Min score:

Reason:

Sort:

Access after you revoked permissions = a copy by KiloByte · 2009-03-29 05:37 · Score: 5, Insightful

Eh, retaining access to a copy of the document after the original author revoked permission is certainly not a security issue -- at least, not unless you believe in DRM.
Being able to read future versions, like a reverse of the first bug of the article, would be bad, but the article doesn't suggest this is the case.

--
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
1. Re:Access after you revoked permissions = a copy by ssintercept · 2009-03-29 06:16 · Score: 3, Informative
  
  Does anyone know how to patch reality?
  DRUGS
  lots and lots of delicious mind-bending drugs!
  
  --
  "You can kill the revolutionary, but you can't kill the revolution."-- Fred Hampton
2. Re:Access after you revoked permissions = a copy by WCguru42 · 2009-03-29 06:29 · Score: 2
  
  Sorry, but those are the breaks. Unless, as you say, you're going to DRM everything, you're not going to be able to control copies of anything published.
  That's quite possibly the scariest thing I've read in a while concerning content. I can easily see publishing companies following this logic and trying to slap DRM onto everything ever sold.
  
  --
  "Educate the mind but never at the expense of the soul."~Blessed Basil Moreau
3. Re:Access after you revoked permissions = a copy by John+Hasler · 2009-03-29 06:46 · Score: 2, Insightful
  
  > Eh, retaining access to a copy of the document after the original author revoked
  > permission is certainly not a security issue -- at least, not unless you believe in DRM.
  This is similar to changing the lock on your apartment when a friend to whom you have given a key tells you that she has lost it. Example: You give someone access to your confidential document on Google. He later informs you that his account has been compromised but that the miscreants may not have had time to use the credentials yet. You revoke his access in hopes of protecting your secrets but the miscreants get at them anyway using this bug.
  > Being able to read future versions, like a reverse of the first bug of the article,
  > would be bad, but the article doesn't suggest this is the case.
  The article does not make it clear whether it is or not. I agree that the bug is much more serious if it is.
  
  --
  Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
4. Re:Access after you revoked permissions = a copy by peragrin · 2009-03-29 06:54 · Score: 2
  
  where have you been for the past 10 years?
  they already do try this.
  
  --
  i thought once I was found, but it was only a dream.
5. Re:Access after you revoked permissions = a copy by mysidia · 2009-03-29 09:16 · Score: 2, Informative
  
  Agreed. Otherwise, all known operating systems have this "bug" as well, since if you have a file in $HOME with global read permissions and then subsequently revoke those permissions, if another user copied that file before you revoke those permissions, they still have access to that particular version of the file, or, more accurately, that copy of the file.
  However, if you 'chmod 700 $HOME', you bet it is a bug if they can still access that file in an old state (not the copy they made)!
  The issue here is, if the permission is revoked, they might have access to a copy they made, Google docs shouldn't be allowing access to the original anymore, except if they actually did create a copy on their own account..
  i.e. Google docs shouldn't help them get access to a document they lost permission to.
  Hell, reality has the same "bug": If a book publisher publishes a book, and then later it is discovered that the book contains content that the general public shouldn't have,
  Then they stop printing it. While sure people who bought it still get access to the data.
  It would be breach of contract if their contractor responsible for actually printing the books decided to keep printing and distributing them, after the revokation.
  This is the equivalent to the Google docs bug -- the author revokes permission to the document, Google docs, continues to make that same file available.
6. Re:Access after you revoked permissions = a copy by mysidia · 2009-03-29 09:18 · Score: 2
  
  Sorry, but those are the breaks. Unless, as you say, you're going to DRM everything, you're not going to be able to control copies of anything published
  This is nonsense. Publishers have control, it's called copyright.
  If the viewer didn't go to the effort to ensure they made a copy, revokation of the permission should make it impossible for them to get a new copy of the old text.
7. Re:Access after you revoked permissions = a copy by Curunir_wolf · 2009-03-29 11:48 · Score: 4, Insightful
  
  Sorry, but those are the breaks. Unless, as you say, you're going to DRM everything, you're not going to be able to control copies of anything published
  This is nonsense. Publishers have control, it's called copyright.
  If the viewer didn't go to the effort to ensure they made a copy, revokation of the permission should make it impossible for them to get a new copy of the old text.
  Is this meant to be a troll? copyright has nothing to do with permission to access. If you give someone a copy of something, copyright means they are not allowed to copy it, not that you can take away their copy at a later time.
  I mean, what are you trying to say?
  
  --
  "Somebody has to do something. It's just incredibly pathetic it has to be us."
  --- Jerry Garcia
8. Re:Access after you revoked permissions = a copy by Kaboom13 · 2009-03-29 12:02 · Score: 2, Informative
  
  So do you make a copy of every document you are given, on the chance your access might be revoked? Consider this scenario:
  I hire a new contractor. To do his job, he requires access to confidential company documents. I give him that access, along with an agreement that the information he can access is confidential, and should not be copied or shared. Now he CAN break that agreement at any time, and I probably would never find out. But it would be highly unprofessional to do so, and since our financial interests at least in theory align (good news for the company is generally good news for the employees, even if they don't see a direct benefit) he has no real reason to violate that policy.
  Now lets say I have to fire him cause he keeps slapping the secretary on the butt. Now he's pissed off at me, and the company, and probably looking for a job with my competitors. Now he is much more likely to violate that policy, and I have fewer avenues of redress if he does. After all, before he risked losing a job he already had, as well as guaranteeing a bad reference from me. So if he didn't make a copy before, he is going to now.
  It's true that if you give them access at one time, and can revoke it later, they have a window of opportunity to copy that information. But if that window closes, and they didn't seize the opportunity, that's one less person with your data.
  It's true there is no way to stop someone from keeping your data once they have access to it. But it doesn't happen automatically, they have to take the steps to do it. If you hire someone that's out to steal your data from the start, you are screwed. But chances are that's not the case.
9. Re:Access after you revoked permissions = a copy by mysidia · 2009-03-29 12:49 · Score: 2, Interesting
  
  Is this meant to be a troll? copyright has nothing to do with permission to access.
  Copyright has everything to do with controlling when new copies can be made and distributed, which is the most common and likely way that information ever gets distributed.
  You may have the document containing the info, but copyright control means another company can't go into the business of distributing the document, without you having recourse, and possible criminal charges (depending on the circumstances).
  That's a pretty darn good deterrant and powerful control over the flow of information.
It's nothing, Shroedinger's logarithm beats that by Enleth · 2009-03-29 05:37 · Score: 5, Interesting

Open a new spreadsheet, type in those formulas:
A1: "=log10(1000)", format for two decimals - equals 3.00
A2: "=trunc(3.00)", format for two decimals - equals 3.00
A3: "=trunc(log10(1000))", format for two decimals - equals... *drumbeat* 2.00, that is, TWO POINT OH OH. Uh, oh.
I decided to call it "Schroedinger's logarithm".
A report on the Google Docs' technical support forum went unanswered...

--
This is Slashdot. Common sense is futile. You will be modded down.
Re:...purge images from your account...? by ColdWetDog · 2009-03-29 05:38 · Score: 2, Funny

Let's keep it simple, eh? Purge the whole document. There. problem solved.
Oh stop being difficult. Just use a sharpie.

--
Faster! Faster! Faster would be better!
Re:It's nothing, Shroedinger's logarithm beats tha by TheRealMindChild · 2009-03-29 05:41 · Score: 4, Informative

While I agree, this is a bug, I think underneath it is the 60 year old "representing floats in binary" issue. Chances are, underneath, log10(1000) ends up being 2.999999999999999, but with some workarounds/fixes that translate the result to 3.00. But in the case of trunc(log10(1000)), trunc is operating on 2.999999999999 before said workaround/fix kicks in, so it ends up being 2.00.

Of course, this is just speculation.

--

"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
Google's Right by John+Hasler · 2009-03-29 05:43 · Score: 5, Insightful

Since nothing on the Web is secure anyway, what's the problem? If it's an important secret keep it off the Web.

--
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
1. Re:Google's Right by theshowmecanuck · 2009-03-29 06:18 · Score: 4, Insightful
  
  I was thinking exactly the same thing. You put your stuff on somebody else's machine, in an environment that is by design exposed to the wild, wild Internet, and better yet the server URIs are advertised to the world because it is your hosts business model to advertise where the documents are (who could use them if they couldn't find them)... If people want to trust others with their important documents in that sort of a model, then it is business Darwinianism if critical documentation are leaked. And another thing, who knows if their personnel look through peoples documents for a laugh or just being nosey. Heck, government employees risk getting fired looking up personal data of prominent people when they run for office. If government employees will do that, why wouldn't people in data centres.
  
  Personally, I don't trust any of my documents to others to take care of. I like my stuff behind firewalls and not sitting directly on the on ramp to the Internet (had to get a car metaphor in somewhere). Mind you, I think this type of model will continue at least for a while if not forever, no matter what happens. People growing up now-a-days don't think as much about what personal information they post on the Internet, why would they care if their personal documents are managed by someone else that they don't know (other than a corporate logo).
  
  --
  -- I ignore anonymous replies to my comments and postings.
2. Re:Google's Right by tassii · 2009-03-29 06:38 · Score: 4, Insightful
  
  Then your corporation is an idiot. Nothing on the web is private. At the very least, Google retains the rights to those documents. Anyone who puts their trust in corporate documents to a third party application gets everything they deserve.
  
  --
  "I drank what?" - Socrates
Here's how Gogle should respond by bogaboga · 2009-03-29 05:45 · Score: 2, Interesting

My submission is that Google should respond in a classic Linux/KDE/Gnome format as follows:
"While we acknowledge receipt of your concerns, the points raised are a feature of our product(s) and not bugs. Google takes security and privacy seriously and are committed to ensuring that all our users continue to enjoy products and services we provide."
Or even better, they should label these so called security feature with a tag: "Won't fix." I know I will tagged a "troll" but I must say this: The "Won't fix" label, though not unusual in both the KDE and GNOME worlds, it is more common in the GNOME world than KDE. What it does not tell is whether there is lack of expertise or resources to fix it on both teams or it's because of incompetence, some other factor(s) or both.
I know because I counted them the (Won't fixes) on the 19th of March this year: GNOME score: 121, KDE score: 43. You do the math.
Now you go ahead and mod me down.
1. Re:Here's how Gogle should respond by shentino · 2009-03-29 08:20 · Score: 2, Informative
  
  FYI, "wontfix" is used on a routine basis for fedora.
  They also have "notabug" "notourbug" and "worksforme"
Re:It's nothing, Shroedinger's logarithm beats tha by John+Hasler · 2009-03-29 05:45 · Score: 4, Funny

You sure that isn't just an Excel compatibility feature?

--
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
Re:It's nothing, Shroedinger's logarithm beats tha by Enleth · 2009-03-29 06:04 · Score: 3, Insightful

Just about any other application I checked this with (I recall trying OOo, Excel, KSpread, Gnumeric, python, Matlab [which purposely does not do any floating point error correction when not asked to] and Maxima) got it right, so I'm not really convinced that it's something common and hard to avoid. Well, maybe it is common if not corrected for, but definitely not hard to avoid and unheard of. Besides, other multiplies of 10 up to 10E+20 were fine, as were logarithms for several different bases and sets of values.

--
This is Slashdot. Common sense is futile. You will be modded down.
Re:It's nothing, Shroedinger's logarithm beats tha by morgan_greywolf · 2009-03-29 06:14 · Score: 3, Informative

Probably right. In 32-bit Python:
math.log(1000,10) 2.9999999999999996
However, carrying out his example on OpenOffice.org Calc 2.2 results in 3.00. So while it's likely a binary representation problem, it's also probably a bug.

--
My blog
Re:...purge images from your account...? by Linker3000 · 2009-03-29 06:40 · Score: 2, Informative

Careful. The use of Sharpies might raise eyebrows for some..

--
AT&ROFLMAO
Google's own position on this by adrianmsmith · 2009-03-29 06:59 · Score: 4, Informative

http://googledocs.blogspot.com/2009/03/just-to-clarify.html
1. Re:Google's own position on this by Zarel · 2009-03-29 07:36 · Score: 3, Funny
  
  ...that's the third link in the summary.
  Oh! We're attempting to get people to RTFA by reposting it in the commentary and pretending it isn't TFA, are we? ;)
  
  --
  Want a high quality FOSS RTS game? Try Warzone 2100!
Business Security by StormReaver · 2009-03-29 08:03 · Score: 3, Insightful

If anyone hosts anything more important than their grocery list on someone else's servers, then they deserve the inevitable security breaches that will follow. The entire nature of Google Docs (hosting your data on someone else's servers) is a security concern.
The only way Google Docs isn't the dumbest thing your business can do is if your business uses the software on your own LAN/VPN, and hosts your own data on the same.
There should be a Darwin Award for businesses, if there isn't already.
1. Re:Business Security by RAMMS+EIN · 2009-03-29 09:21 · Score: 2, Insightful
  
  ``If anyone hosts anything more important than their grocery list on someone else's servers, then they deserve the inevitable security breaches that will follow. The entire nature of Google Docs (hosting your data on someone else's servers) is a security concern.''
  This is true, but that doesn't mean it's actually a bad idea. The thing you have to ask yourself as a decision maker is: how much control do I have over my own company's computers, how competent are my admins, etc. etc. Then you ask the same questions about a hosted service. And then you make your choice.
  If you have competent admins who you trust, the best choice may be to keep everything inside your company. However, it may well be that you don't have and/or cannot afford the necessary hardware and admins. At some point on the spectrum, hosting your documents elsewhere becomes the better choice.
  Remember, you never get absolute security. Your documents are at risk when you host them inside your company, and they are at risk when you host them outside your company. Like with all other risks, you have to account for this risk. Eventually, it becomes part of the cost-benefit analysis. And the cost-benefit analysis could swing either way: hosting internally or hosting externally.
  
  --
  Please correct me if I got my facts wrong.
2. Re:Business Security by TheRaven64 · 2009-03-29 11:13 · Score: 4, Interesting
  
  I did some consulting a while ago for a company which had a senior manager (I can't remember his actual title; the boss / owner's second in command) who kept the customer database on a USB flash drive. This was stored as an Access database and was completely secure, because it was always carried with him and only inserted into a computer when someone needed to access it.
  Completely secure, of course, until he decided to go into business by himself, and emailed all of the company's customers with a quote for their business at a slightly lower rate than they were currently paying, and some quite unprofessional comments about his former employer.
  You can't have absolute security, but it seems a lot of people are very bad at working out exactly how much security they really do have. In many cases, it's a lot less than they think.
  
  --
  I am TheRaven on Soylent News
I really want to see password protected documents by AbRASiON · 2009-03-29 09:10 · Score: 4, Insightful

Yeah I know you need my google account to compromise the document in the first place but that's only one level of security, considering some of the things I have on google docs a second level really would be appreciated.
Existence of the document? by JakartaDean · 2009-03-29 14:17 · Score: 2, Funny

allowing anyone who knows or guesses it to see the image regardless of permissions or even the existence of the document
Wow, that's pretty cool really. If I guess the URL I can see images that don't even exist?

--
The subject who is truly loyal to the Chief Magistrate will neither advise nor submit to arbitrary measures (Junius)