Slashdot Mirror


"Going Google" Exposes Students' Email

A ReadWriteWeb piece up on the NY Times site explores the recent glitch during the move of a number of colleges onto Google's email service that allowed a number of students to see each other's inboxes for a period of more than three days. Google would not give exact numbers, but the article concludes that about 10 schools were affected. "While the glitch itself was minor and was fixed in a few days, the real concern — at least at Brown — was with how Google handled the situation. Without communicating to the internal IT department, Google shut down the affected accounts, a decision which led to a heated conversation between school officials and the Google account representative. In the end, only 22 out of the 200 students were affected, but the fix was not put into place until Tuesday. ... The students had access to each other's email accounts for three solid days... before the accounts were suspended by Google. Oddly enough, this situation seems to be acceptable [to Brown's IT manager, who] 'praised Google for its prompt response.' (We don't know about you, but if someone else could read our email for three days, we wouldn't exactly call that 'prompt.')"

8 of 244 comments

  1. 3 Days Turnaround by sgbett · Score: 5, Interesting

    Is that three days after they were notified, or did the affected students keep it quiet for a couple of days for 'research purposes'?

    --
    Invaders must die
    1. Re:3 Days Turnaround by Anonymous Coward · Score: 5, Informative

      Well, I'm the guy at Brown who actually does the part of the migration that switches over internal email to Google (though others are involved), and I can tell you that we knew about a few almost immediately, from student reports. Google was involved as soon as we found out, but it took them a little while to determine exactly what happened.

      Also, this wasn't as bad as it sounds. Students weren't receiving new mail meant for someone else; the problem was with the tool that migrated their old existing email from our Exchange system to their new Google email boxes. The 22 students got the contents of other students' -old- mail boxes, not new mail.

      It appears that Google upgraded their IMAP migration tool on the back-end, and there was a problem with the new version. Interesting thing about 'the cloud', all the tools available on it are upgraded without the end user being aware. Had there been a 'migrate user email boxes - updated today to version 1.1!' button instead of 'migrate user email boxes', I might have waited a few days to let Google shake out the bugs.

  2. Google's version of... by The Ancients · Score: 5, Funny

    ...social networking.

    Taking it to a new level, no joining or other conscious actions required to share everything about your life.

    1. Re:Google's version of... by Arancaytar · Score: 5, Funny

      "You have sent an email to Emily. 6 people like this. 3 people have left a comment:"

      "Frank has sent/received 26/20 emails to/from your friend Tom, 20/23 with your friend Megan, 15/12 with your friend John. Your social graph proximity is therefore 45.1. Click here to add Frank to your friend list and read his emails."

      People would love it! :P

  3. Re:Breach of privacy by Anonymous Coward · Score: 5, Funny

    I'm French

    Just save us the trouble and surrender this argument now.

  4. Re:Someone has high demands. by Trogre · Score: 5, Insightful

    I'm sorry, perhaps you missed the part where students could read each other's emails.

    Microsoft participation is not required in this case.

    --
    "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
  5. They must be kidding by trifish · Score: 5, Informative

    While the glitch itself was minor and was fixed in a few days

    Pardon my ignorance, the glitch was minor?

    What?

    The fact that emails contain back-mailed passwords to many kinds of online services, including those involving payments (which is a stupid practice, but the online service providers do it anyway, they send you the password when you sign up)...

    The fact that I can reset your password to any third-party online service account where I know that you use it and that you associated it with this email account...

    Still minor glitch? Reading others' emails? Really? I or TFA must be missing something.

  6. Re:Someone has high demands. by Anonymous Coward · Score: 5, Interesting

    What the fuck.

    This is a really big deal. And if the excuse is that 3 days (admittedly, 2 of them weekend days) turnaround on an absolute security breach is what you get for free, and to expect better you must pay for it, then the proper response is to pay for better and not use this service because it's shit-broken. It is my understanding that Google Apps for Education is not a tiered service -- you're a school, you get it free; there is no paying for better. If there IS paying for better, then we should spread awareness that the free version is bad.

    Might I point out that losing privacy on your email and THEN losing access is pretty much the worst possible failure mode? This is an enormous fuck-up. This has nothing to do with Microsoft. Why would you bring up Microsoft? YOU are the one twisting something into what it is not to make some other company look bad. If I were as paranoid as you, I'd suggest that Google or Apple or somesuch was paying you to do this, but in fact, I know that you're capable of being fuckwitted all on your own.

    Jesus Christ. Google Apps' security fails utterly, and that's Google kicking Microsoft in the groin to you? Maybe Google can start a puppy-stomping program; I bet that's just like Google ripping Microsoft's arms off.

    I'd be a lot more comfortable if Google said "yeah, we fucked up, here's what we're going to do to prevent this from happening again". Instead we get the self-contradictory "it was a small hiccup [...] it's an issue we've taken extremely seriously".