Slashdot Mirror

← Back to Stories (view on slashdot.org)

New Security Concerns Raised For Google Docs

Posted by Soulskill on from the it's-not-a-bug-it's-a-feature dept.

TechCrunch is running a story about three possible security issues with Google Docs recently uncovered by researcher Ade Barkah. It turns out that an image embedded into a protected document is given a URL which is not protected, allowing anyone who knows or guesses it to see the image regardless of permissions or even the existence of the document. Barkah also pointed out that once you've shared a document with another person, that person can see diagram revisions from any point before they gained access, forcing you to create a new document if you need to redact something. The last issue, the mechanics of which he disclosed only to Google, affects the document-sharing invitation forwarding system, which can allow somebody access to your documents after you've removed their permissions. Google made a blog post to respond to these concerns, saying that they "do not pose a significant security risk," but are being investigated. We previously discussed a sharing bug in Google Docs that was fixed earlier this month.

3 of 92 comments (clear)

  1. Access after you revoked permissions = a copy by KiloByte · · Score: 5, Insightful

    Eh, retaining access to a copy of the document after the original author revoked permission is certainly not a security issue -- at least, not unless you believe in DRM.

    Being able to read future versions, like a reverse of the first bug of the article, would be bad, but the article doesn't suggest this is the case.

    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  2. It's nothing, Shroedinger's logarithm beats that by Enleth · · Score: 5, Interesting

    Open a new spreadsheet, type in those formulas:

    A1: "=log10(1000)", format for two decimals - equals 3.00
    A2: "=trunc(3.00)", format for two decimals - equals 3.00
    A3: "=trunc(log10(1000))", format for two decimals - equals... *drumbeat* 2.00, that is, TWO POINT OH OH. Uh, oh.

    I decided to call it "Schroedinger's logarithm".

    A report on the Google Docs' technical support forum went unanswered...

    --
    This is Slashdot. Common sense is futile. You will be modded down.
  3. Google's Right by John+Hasler · · Score: 5, Insightful

    Since nothing on the Web is secure anyway, what's the problem? If it's an important secret keep it off the Web.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.