Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Google Security The Internet

New Security Concerns Raised For Google Docs 92

TechCrunch is running a story about three possible security issues with Google Docs recently uncovered by researcher Ade Barkah. It turns out that an image embedded into a protected document is given a URL which is not protected, allowing anyone who knows or guesses it to see the image regardless of permissions or even the existence of the document. Barkah also pointed out that once you've shared a document with another person, that person can see diagram revisions from any point before they gained access, forcing you to create a new document if you need to redact something. The last issue, the mechanics of which he disclosed only to Google, affects the document-sharing invitation forwarding system, which can allow somebody access to your documents after you've removed their permissions. Google made a blog post to respond to these concerns, saying that they "do not pose a significant security risk," but are being investigated. We previously discussed a sharing bug in Google Docs that was fixed earlier this month.
This discussion has been archived. No new comments can be posted.

New Security Concerns Raised For Google Docs

Comments Filter:
  • Let's keep it simple, eh? Purge the whole document. There. problem solved.

  • by KiloByte ( 825081 ) on Sunday March 29, 2009 @12:37PM (#27380311)

    Eh, retaining access to a copy of the document after the original author revoked permission is certainly not a security issue -- at least, not unless you believe in DRM.

    Being able to read future versions, like a reverse of the first bug of the article, would be bad, but the article doesn't suggest this is the case.

    • Agreed. Otherwise, all known operating systems have this "bug" as well, since if you have a file in $HOME with global read permissions and then subsequently revoke those permissions, if another user copied that file before you revoke those permissions, they still have access to that particular version of the file, or, more accurately, that copy of the file.

      Hell, reality has the same "bug": If a book publisher publishes a book, and then later it is discovered that the book contains content that the general

      • Re: (Score:3, Informative)

        by ssintercept ( 843305 )

        Does anyone know how to patch reality?

        DRUGS
        lots and lots of delicious mind-bending drugs!

      • Sorry, but those are the breaks. Unless, as you say, you're going to DRM everything, you're not going to be able to control copies of anything published.

        That's quite possibly the scariest thing I've read in a while concerning content. I can easily see publishing companies following this logic and trying to slap DRM onto everything ever sold.

        • where have you been for the past 10 years?

          they already do try this.

        • by mysidia ( 191772 )

          Sorry, but those are the breaks. Unless, as you say, you're going to DRM everything, you're not going to be able to control copies of anything published

          This is nonsense. Publishers have control, it's called copyright.

          If the viewer didn't go to the effort to ensure they made a copy, revokation of the permission should make it impossible for them to get a new copy of the old text.

          • by Curunir_wolf ( 588405 ) on Sunday March 29, 2009 @06:48PM (#27382841) Homepage Journal

            Sorry, but those are the breaks. Unless, as you say, you're going to DRM everything, you're not going to be able to control copies of anything published

            This is nonsense. Publishers have control, it's called copyright.

            If the viewer didn't go to the effort to ensure they made a copy, revokation of the permission should make it impossible for them to get a new copy of the old text.

            Is this meant to be a troll? copyright has nothing to do with permission to access. If you give someone a copy of something, copyright means they are not allowed to copy it, not that you can take away their copy at a later time.

            I mean, what are you trying to say?

            • Re: (Score:2, Interesting)

              by mysidia ( 191772 )

              Is this meant to be a troll? copyright has nothing to do with permission to access.

              Copyright has everything to do with controlling when new copies can be made and distributed, which is the most common and likely way that information ever gets distributed.

              You may have the document containing the info, but copyright control means another company can't go into the business of distributing the document, without you having recourse, and possible criminal charges (depending on the circumstances).

              That's a p

              • That's a pretty darn good deterrant and powerful control over the flow of information.

                As the RIAA has found out - no it is not. I don't like the RIAA, but I think their inability to control 'the flow of information' despite their desperate attempts proves this point unlike any other entity can.

                Copyright offers no 'control' -- It only offers recourse. DRM is almost entirely preventative. Copyright infringement these days happens on an International stage and data moves at light speed. It's quite impossible to enforce IP anymore and short of randomly suing people to scare (some) people, you

      • Re: (Score:2, Informative)

        by mysidia ( 191772 )

        Agreed. Otherwise, all known operating systems have this "bug" as well, since if you have a file in $HOME with global read permissions and then subsequently revoke those permissions, if another user copied that file before you revoke those permissions, they still have access to that particular version of the file, or, more accurately, that copy of the file.

        However, if you 'chmod 700 $HOME', you bet it is a bug if they can still access that file in an old state (not the copy they made)!

        The issue here is

    • Re: (Score:3, Insightful)

      by John Hasler ( 414242 )

      > Eh, retaining access to a copy of the document after the original author revoked
      > permission is certainly not a security issue -- at least, not unless you believe in DRM.

      This is similar to changing the lock on your apartment when a friend to whom you have given a key tells you that she has lost it. Example: You give someone access to your confidential document on Google. He later informs you that his account has been compromised but that the miscreants may not have had time to use the credentials

      • by yukk ( 638002 )

        > Eh, retaining access to a copy of the document after the original author revoked > permission is certainly not a security issue -- at least, not unless you believe in DRM.

        This is similar to changing the lock on your apartment when a friend to whom you have given a key tells you that she has lost it. Example: You give someone access to your confidential document on Google. He later informs you that his account has been compromised but that the miscreants may not have had time to use the credentials yet. You revoke his access in hopes of protecting your secrets but the miscreants get at them anyway using this bug.

        Nono, it's more like giving the keys to your Toyota to a friend and then when you buy a Porsche, they can still drive the old Toyota but not the new Porsche. Except it's not really like that at all because once they've had access to the document they can make a copy of that version and staple it to a powerpole for all the control you have of copies of your document. This is just common sense. Heck, maybe they have an eidetic memory. How are you expecting to expunge their memorised copy ?

        • > Except it's not really like that at all because once they've had access to the document
          > they can make a copy of that version and staple it to a powerpole for all the control
          > you have of copies of your document.

          Sometimes, when you ask someone not to make a copy of something, you can actually trust them not to do so. They may even be authorized and trusted to make copies and keep them confidential.

          > Heck, maybe they have an eidetic memory. How are you expecting to expunge their
          > memorised

        • Re: (Score:3, Informative)

          by Kaboom13 ( 235759 )

          So do you make a copy of every document you are given, on the chance your access might be revoked? Consider this scenario:

          I hire a new contractor. To do his job, he requires access to confidential company documents. I give him that access, along with an agreement that the information he can access is confidential, and should not be copied or shared. Now he CAN break that agreement at any time, and I probably would never find out. But it would be highly unprofessional to do so, and since our financial i

          • Yeah, hopefully that contractor didn't click on the "Offline" link on google docs -- because that would have kept a local fresh copy of them on his computer, or if you gave him a work email address -- hopefully you didn't give him POP access to it on his own private computer.

      • You have fallen into the media industries IP trap.

        It is more like loaning a book to your friend to read, then a week later asking for it back, and also telling him to forget everything he ever read.

        Intellectual property is not the same thing as physical property and should not be treated as such.

  • by Enleth ( 947766 ) <enleth@enleth.com> on Sunday March 29, 2009 @12:37PM (#27380317) Homepage

    Open a new spreadsheet, type in those formulas:

    A1: "=log10(1000)", format for two decimals - equals 3.00
    A2: "=trunc(3.00)", format for two decimals - equals 3.00
    A3: "=trunc(log10(1000))", format for two decimals - equals... *drumbeat* 2.00, that is, TWO POINT OH OH. Uh, oh.

    I decided to call it "Schroedinger's logarithm".

    A report on the Google Docs' technical support forum went unanswered...

    • While I agree, this is a bug, I think underneath it is the 60 year old "representing floats in binary" issue. Chances are, underneath, log10(1000) ends up being 2.999999999999999, but with some workarounds/fixes that translate the result to 3.00. But in the case of trunc(log10(1000)), trunc is operating on 2.999999999999 before said workaround/fix kicks in, so it ends up being 2.00.

      Of course, this is just speculation.
      • Just about any other application I checked this with (I recall trying OOo, Excel, KSpread, Gnumeric, python, Matlab [which purposely does not do any floating point error correction when not asked to] and Maxima) got it right, so I'm not really convinced that it's something common and hard to avoid. Well, maybe it is common if not corrected for, but definitely not hard to avoid and unheard of. Besides, other multiplies of 10 up to 10E+20 were fine, as were logarithms for several different bases and sets of values.

      • Re: (Score:3, Informative)

        Probably right. In 32-bit Python:

        math.log(1000,10)
        2.9999999999999996

        However, carrying out his example on OpenOffice.org Calc 2.2 results in 3.00. So while it's likely a binary representation problem, it's also probably a bug.

        • Of course it's a bug. log10(1000) is 3, so truncating it should yield 3. Unless, of course, the specification very clearly states that operations are implemented using some kind of arithmetic that produces a different result. But, in that case, I don't want to use the software.

        • If you're printing 2.999999... with only two decimals, then you should see 3.00. You ALWAYS have to remember that what you see is an approximation. If you truncate the fraction of something which displays as 3.00, you should not expect 3 as the result. If you want to find the NEAREST integer, then use some sort of rounding function, so that the greatest error magnitude is 0.5, rather than nearly 1.0 as with truncate. This mis-expectation comes up often when students are learning programming languages. They
      • log(1000) / log(10) gives 2.99999999999999956 in double precision, i.e. google probably doesn't use the decadic log function (i.e. log10) in its implementation, but the natural logarithm instead.

    • You sure that isn't just an Excel compatibility feature?

    • by cdrguru ( 88047 )

      I believe the answer of 2.0 is correct.

      trunc() is not int(), it is more like floor(). It truncates the value to not the nearest but the lower integer value. Therefore, trunc(2.999999999) is 2 (integer), not 2.0. OK, you want to format it with decimal places, the answer is 2.00.

      I believe int(2.999999) will result in 3 as it is documented as a rounding operation.

      Note: I have no idea what the specifications for Google spreadsheets might be. However, if they are compatible with the implementation of int, tr

      • by Enleth ( 947766 )

        It would be all correct and perfect in the context of a programmer's work and when I'm programming (especially at a low level, with no access to arbitrary-precision math libraries etc.), I do indeed expect such results. But when I'm using a spreadsheet, I expect it to take care of such details, because they're irrelevant in this context and must not ever be exposed to the user.

        Now, I noticed that even in Python log(1000,10) does return 2.(9) - but log10(1000) returns 3. For a programming language, intended

    • The problem is that due to floating point inaccuracies, log10(1000) is actually 2.999999999 and not exactly 3. It is rounded and shown as 3, but when you truncate it, you get 2.

      moral of the story: Don't use trunc.

      • by Enleth ( 947766 )

        I'll repeat what I said in another reply: I am aware of the floating point representation problem, but Google Docs doesn't give any clues on what the problem is and where it is, it shows two "3.00"s that trunc() to a different value, not a "2.999999..." or "2.(9)" or whatever else might be appropriate there. Basically, it claims that the value of an expression is X, but still treats it as Y, silently. While that was a simple and somewhat obvious example (I mean, for us - it's more than enough to confuse the

    • Not a bug - trunk always rounds down, so can be .999999 out easily. log(1000) is 2.999999 recurring on most spreadsheets, so it's doing what you're telling it.

      For more accuracy round don't truncate.. or even better don't do either and let the formatting handle it.

      • by Enleth ( 947766 )

        I'm afraid there are some real use cases where a properly calculated, truncated logarithm value is actually needed as an intermediate step in a more complex expression, so the formatting isn't going to help. And most spreadsheets handle this situation much better, feel free to read my other replies in this thread to see why and how.

    • Google docs had a pretty crippling bug while I was using Google docs to be interviewed by Google. The bug was really bad, and it and a few other bugs have made me think that most of Google's products deserve to keep their eternal beta status. I guess waaay more security vulnerabilities have probably been found in MS Office than in google docs, but there are some inherent security vulnerabilities in keeping your data on a remote server.
  • Google's Right (Score:5, Insightful)

    by John Hasler ( 414242 ) on Sunday March 29, 2009 @12:43PM (#27380359) Homepage

    Since nothing on the Web is secure anyway, what's the problem? If it's an important secret keep it off the Web.

    • by nurb432 ( 527695 )

      Or just don't rely on free services and host your own apps.

    • by LO0G ( 606364 )

      When your corporation decides to move it's data processing to Google Apps, there is an expectation that your company's data remains private.

      • And what penalties does Google agree to pay when your data do not remain private?

      • Re:Google's Right (Score:5, Insightful)

        by tassii ( 615268 ) on Sunday March 29, 2009 @01:38PM (#27380739)
        Then your corporation is an idiot. Nothing on the web is private. At the very least, Google retains the rights to those documents. Anyone who puts their trust in corporate documents to a third party application gets everything they deserve.
        • While I agree that just about nothing on the web should have expected privacy, the statement on third party software is entirely baseless. Almost every corporation on the planet relies on third-party applications in some form, as I'm almost certain that the Mexican food restaurant not far from my house didn't write their own operating system for the computers they use and just did a very very good job at making it look like Windows XP. Rather, that probably is Windows XP, third-party software made by a thir

      • If you put anything on the net, that expectation is futile. Regardless of any written policy. It is simply impossible to verify. On the internet, there will always be the matter of trust [youtube.com].

      • When your corporation decides to move its data processing to Google Apps, there is an expectation that they will be sued for violating the data protection act, or its local equivalent.
      • by whoop ( 194 )

        This same "argument" comes up with every Google story on here. I really want to know just how many companies are out there that have this super-secret information that they turn over to some Web 2.0 company?

        Then again, it's probably just another Slashdot meme with no basis in reality. A company doing such a thing (too cheap to spend a few bucks for their own Google Apps box) deserves whatever becomes public.

    • Re: (Score:1, Funny)

      by Anonymous Coward

      Hey, good point! And did you ever notice how many people send emails they don't want to become public, too?

      Not me anymore, though, nosiree! In fact, I'm gonna take my entire email system offline right now.

      Oh, wait...

    • In that case please email me your slashdot password.
    • Re:Google's Right (Score:5, Insightful)

      by theshowmecanuck ( 703852 ) on Sunday March 29, 2009 @01:18PM (#27380605) Journal
      I was thinking exactly the same thing. You put your stuff on somebody else's machine, in an environment that is by design exposed to the wild, wild Internet, and better yet the server URIs are advertised to the world because it is your hosts business model to advertise where the documents are (who could use them if they couldn't find them)... If people want to trust others with their important documents in that sort of a model, then it is business Darwinianism if critical documentation are leaked. And another thing, who knows if their personnel look through peoples documents for a laugh or just being nosey. Heck, government employees risk getting fired looking up personal data of prominent people when they run for office. [msn.com] If government employees will do that, why wouldn't people in data centres.

      Personally, I don't trust any of my documents to others to take care of. I like my stuff behind firewalls and not sitting directly on the on ramp to the Internet (had to get a car metaphor in somewhere). Mind you, I think this type of model will continue at least for a while if not forever, no matter what happens. People growing up now-a-days don't think as much about what personal information they post on the Internet, why would they care if their personal documents are managed by someone else that they don't know (other than a corporate logo).
    • I agree to you point that the web is insecure. Google needs to inform people using Google Docs of this issue because some people will think its secure. Saying it does "not pose a significant security risk", suggests it is safe enough for people to use in all situations when it is not.
      • The last company I worked with insisted on using GoogleDocs and Basecamp for all sorts of critical customer information, over my very loud protests. Considering the industry they are in (read: one with some pretty heavy regulation) I was absolutely baffled at this decision. Alas I was over-ruled because it was "cheaper" and "pretty secure". Then again this is a company where the CEO kept a list of passwords on their monitor and never, ever, ever locked their workstation (usually with Outlook prominently dis
    • Since nothing on the Web is secure anyway, what's the problem?

      To use a car analogy: Anybody can break the window of your car, so why bother locking it?

      There's insecure and then there's insecure because of a stupid oversight. The problem is that it's easily fixed and should be.

  • My submission is that Google should respond in a classic Linux/KDE/Gnome format as follows:

    "While we acknowledge receipt of your concerns, the points raised are a feature of our product(s) and not bugs. Google takes security and privacy seriously and are committed to ensuring that all our users continue to enjoy products and services we provide."

    Or even better, they should label these so called security feature with a tag: "Won't fix." I know I will tagged a "troll" but I must say this: The "Won't fix" labe

    • Isn't Microsoft the one that calls bugs, features?
    • > My submission is that Google should respond in a classic Linux/KDE/Gnome format...
      > ...
      > GNOME score: 121, KDE score: 43.

      Where are your numbers for Linux?

    • by rbcd ( 1518507 )

      Why are you griping about GNOME and KDE here?

      The "wontfix" tag is generally taken to mean that the bug is not a problem that needs to be fixed. This might arise because the submitter has been misled by poor documentation. More often it is because the submitter wants the software to behave differently from what it does at the moment (eg. "the flight simulator in OpenOffice Spreadsheet doesn't work").

      If there is a lack of expertise, usually a "help"-type tag is used, never "wontfix". If "help" is unavailable

      • Re: (Score:3, Informative)

        by shentino ( 1139071 )

        FYI, "wontfix" is used on a routine basis for fedora.

        They also have "notabug" "notourbug" and "worksforme"

  • Business Security (Score:4, Insightful)

    by StormReaver ( 59959 ) on Sunday March 29, 2009 @03:03PM (#27381361)

    If anyone hosts anything more important than their grocery list on someone else's servers, then they deserve the inevitable security breaches that will follow. The entire nature of Google Docs (hosting your data on someone else's servers) is a security concern.

    The only way Google Docs isn't the dumbest thing your business can do is if your business uses the software on your own LAN/VPN, and hosts your own data on the same.

    There should be a Darwin Award for businesses, if there isn't already.

    • Re: (Score:3, Insightful)

      by RAMMS+EIN ( 578166 )

      ``If anyone hosts anything more important than their grocery list on someone else's servers, then they deserve the inevitable security breaches that will follow. The entire nature of Google Docs (hosting your data on someone else's servers) is a security concern.''

      This is true, but that doesn't mean it's actually a bad idea. The thing you have to ask yourself as a decision maker is: how much control do I have over my own company's computers, how competent are my admins, etc. etc. Then you ask the same quest

      • Re:Business Security (Score:5, Interesting)

        by TheRaven64 ( 641858 ) on Sunday March 29, 2009 @06:13PM (#27382607) Journal

        I did some consulting a while ago for a company which had a senior manager (I can't remember his actual title; the boss / owner's second in command) who kept the customer database on a USB flash drive. This was stored as an Access database and was completely secure, because it was always carried with him and only inserted into a computer when someone needed to access it.

        Completely secure, of course, until he decided to go into business by himself, and emailed all of the company's customers with a quote for their business at a slightly lower rate than they were currently paying, and some quite unprofessional comments about his former employer.

        You can't have absolute security, but it seems a lot of people are very bad at working out exactly how much security they really do have. In many cases, it's a lot less than they think.

    • If anyone hosts anything more important than their grocery list on someone else's servers, then they deserve the inevitable security breaches that will follow.

      That's why we always host our sensitive documents on our own servers, with a robots.txt to ensure no search engines index them. Just wanted to show my agreement with your excellent advice!

    • by ekhben ( 628371 )

      From Google Apps terms of service:

      * 7.1 Obligations. Each party will: (a) protect the other party's Confidential Information with the same standard of care it uses to protect its own Confidential Information; and (b) not disclose the Confidential Information, except to affiliates, employees and agents who need to know it and who have agreed in writing to keep it confidential. Each party (and any affiliates, employees and agents to whom it has disclosed Confidential Information) may use Confidential Info

  • by AbRASiON ( 589899 ) * on Sunday March 29, 2009 @04:10PM (#27381801) Journal

    Yeah I know you need my google account to compromise the document in the first place but that's only one level of security, considering some of the things I have on google docs a second level really would be appreciated.

  • by JakartaDean ( 834076 ) on Sunday March 29, 2009 @09:17PM (#27383633) Journal

    allowing anyone who knows or guesses it to see the image regardless of permissions or even the existence of the document

    Wow, that's pretty cool really. If I guess the URL I can see images that don't even exist?

Enzymes are things invented by biologists that explain things which otherwise require harder thinking. -- Jerome Lettvin

Working...