New Security Concerns Raised For Google Docs 92
TechCrunch is running a story about three possible security issues with Google Docs recently uncovered by researcher Ade Barkah. It turns out that an image embedded into a protected document is given a URL which is not protected, allowing anyone who knows or guesses it to see the image regardless of permissions or even the existence of the document. Barkah also pointed out that once you've shared a document with another person, that person can see diagram revisions from any point before they gained access, forcing you to create a new document if you need to redact something. The last issue, the mechanics of which he disclosed only to Google, affects the document-sharing invitation forwarding system, which can allow somebody access to your documents after you've removed their permissions. Google made a blog post to respond to these concerns, saying that they "do not pose a significant security risk," but are being investigated. We previously discussed a sharing bug in Google Docs that was fixed earlier this month.
...purge images from your account...? (Score:1)
Let's keep it simple, eh? Purge the whole document. There. problem solved.
Re: (Score:3, Funny)
Oh stop being difficult. Just use a sharpie.
Re: (Score:3, Informative)
Careful. The use of Sharpies might raise eyebrows for some..
Access after you revoked permissions = a copy (Score:5, Insightful)
Eh, retaining access to a copy of the document after the original author revoked permission is certainly not a security issue -- at least, not unless you believe in DRM.
Being able to read future versions, like a reverse of the first bug of the article, would be bad, but the article doesn't suggest this is the case.
Re: (Score:1)
Agreed. Otherwise, all known operating systems have this "bug" as well, since if you have a file in $HOME with global read permissions and then subsequently revoke those permissions, if another user copied that file before you revoke those permissions, they still have access to that particular version of the file, or, more accurately, that copy of the file.
Hell, reality has the same "bug": If a book publisher publishes a book, and then later it is discovered that the book contains content that the general
Re: (Score:3, Informative)
Does anyone know how to patch reality?
DRUGS
lots and lots of delicious mind-bending drugs!
Re: (Score:3)
Sorry, but those are the breaks. Unless, as you say, you're going to DRM everything, you're not going to be able to control copies of anything published.
That's quite possibly the scariest thing I've read in a while concerning content. I can easily see publishing companies following this logic and trying to slap DRM onto everything ever sold.
Re: (Score:3)
where have you been for the past 10 years?
they already do try this.
Re: (Score:2)
Sorry, but those are the breaks. Unless, as you say, you're going to DRM everything, you're not going to be able to control copies of anything published
This is nonsense. Publishers have control, it's called copyright.
If the viewer didn't go to the effort to ensure they made a copy, revokation of the permission should make it impossible for them to get a new copy of the old text.
Re:Access after you revoked permissions = a copy (Score:5, Insightful)
Sorry, but those are the breaks. Unless, as you say, you're going to DRM everything, you're not going to be able to control copies of anything published
This is nonsense. Publishers have control, it's called copyright.
If the viewer didn't go to the effort to ensure they made a copy, revokation of the permission should make it impossible for them to get a new copy of the old text.
Is this meant to be a troll? copyright has nothing to do with permission to access. If you give someone a copy of something, copyright means they are not allowed to copy it, not that you can take away their copy at a later time.
I mean, what are you trying to say?
Re: (Score:2, Interesting)
Is this meant to be a troll? copyright has nothing to do with permission to access.
Copyright has everything to do with controlling when new copies can be made and distributed, which is the most common and likely way that information ever gets distributed.
You may have the document containing the info, but copyright control means another company can't go into the business of distributing the document, without you having recourse, and possible criminal charges (depending on the circumstances).
That's a p
Copyright isn't control (Score:2)
That's a pretty darn good deterrant and powerful control over the flow of information.
As the RIAA has found out - no it is not. I don't like the RIAA, but I think their inability to control 'the flow of information' despite their desperate attempts proves this point unlike any other entity can.
Copyright offers no 'control' -- It only offers recourse. DRM is almost entirely preventative. Copyright infringement these days happens on an International stage and data moves at light speed. It's quite impossible to enforce IP anymore and short of randomly suing people to scare (some) people, you
Re: (Score:2, Informative)
Agreed. Otherwise, all known operating systems have this "bug" as well, since if you have a file in $HOME with global read permissions and then subsequently revoke those permissions, if another user copied that file before you revoke those permissions, they still have access to that particular version of the file, or, more accurately, that copy of the file.
However, if you 'chmod 700 $HOME', you bet it is a bug if they can still access that file in an old state (not the copy they made)!
The issue here is
Re: (Score:3, Insightful)
> Eh, retaining access to a copy of the document after the original author revoked
> permission is certainly not a security issue -- at least, not unless you believe in DRM.
This is similar to changing the lock on your apartment when a friend to whom you have given a key tells you that she has lost it. Example: You give someone access to your confidential document on Google. He later informs you that his account has been compromised but that the miscreants may not have had time to use the credentials
Re: (Score:1)
> Eh, retaining access to a copy of the document after the original author revoked > permission is certainly not a security issue -- at least, not unless you believe in DRM.
This is similar to changing the lock on your apartment when a friend to whom you have given a key tells you that she has lost it. Example: You give someone access to your confidential document on Google. He later informs you that his account has been compromised but that the miscreants may not have had time to use the credentials yet. You revoke his access in hopes of protecting your secrets but the miscreants get at them anyway using this bug.
Nono, it's more like giving the keys to your Toyota to a friend and then when you buy a Porsche, they can still drive the old Toyota but not the new Porsche. Except it's not really like that at all because once they've had access to the document they can make a copy of that version and staple it to a powerpole for all the control you have of copies of your document. This is just common sense. Heck, maybe they have an eidetic memory. How are you expecting to expunge their memorised copy ?
Re: (Score:2)
> Except it's not really like that at all because once they've had access to the document
> they can make a copy of that version and staple it to a powerpole for all the control
> you have of copies of your document.
Sometimes, when you ask someone not to make a copy of something, you can actually trust them not to do so. They may even be authorized and trusted to make copies and keep them confidential.
> Heck, maybe they have an eidetic memory. How are you expecting to expunge their
> memorised
Re: (Score:3, Informative)
So do you make a copy of every document you are given, on the chance your access might be revoked? Consider this scenario:
I hire a new contractor. To do his job, he requires access to confidential company documents. I give him that access, along with an agreement that the information he can access is confidential, and should not be copied or shared. Now he CAN break that agreement at any time, and I probably would never find out. But it would be highly unprofessional to do so, and since our financial i
Re: (Score:2)
Yeah, hopefully that contractor didn't click on the "Offline" link on google docs -- because that would have kept a local fresh copy of them on his computer, or if you gave him a work email address -- hopefully you didn't give him POP access to it on his own private computer.
It is nothing like that at all (Score:2)
It is more like loaning a book to your friend to read, then a week later asking for it back, and also telling him to forget everything he ever read.
Intellectual property is not the same thing as physical property and should not be treated as such.
It's nothing, Shroedinger's logarithm beats that (Score:5, Interesting)
Open a new spreadsheet, type in those formulas:
A1: "=log10(1000)", format for two decimals - equals 3.00
A2: "=trunc(3.00)", format for two decimals - equals 3.00
A3: "=trunc(log10(1000))", format for two decimals - equals... *drumbeat* 2.00, that is, TWO POINT OH OH. Uh, oh.
I decided to call it "Schroedinger's logarithm".
A report on the Google Docs' technical support forum went unanswered...
Re:It's nothing, Shroedinger's logarithm beats tha (Score:5, Informative)
Of course, this is just speculation.
Re:It's nothing, Shroedinger's logarithm beats tha (Score:4, Insightful)
Just about any other application I checked this with (I recall trying OOo, Excel, KSpread, Gnumeric, python, Matlab [which purposely does not do any floating point error correction when not asked to] and Maxima) got it right, so I'm not really convinced that it's something common and hard to avoid. Well, maybe it is common if not corrected for, but definitely not hard to avoid and unheard of. Besides, other multiplies of 10 up to 10E+20 were fine, as were logarithms for several different bases and sets of values.
Re: (Score:3, Informative)
Probably right. In 32-bit Python:
math.log(1000,10)
2.9999999999999996
However, carrying out his example on OpenOffice.org Calc 2.2 results in 3.00. So while it's likely a binary representation problem, it's also probably a bug.
Re: (Score:1)
I agree with you in principle, but in actuality users expect things to behave in certain ways due to the proliferation of applications that have always handled in that way.
he trunc() function amplifies the error range, so you would get something like 2.00 (+1.00|-0.00). In practice the person writing the functions just has to know about the problem and deal with it in an application specific manner.
The trunc() function on Google Spreadsheet amplifies the error range, but it doesn't on OpenOffice.org Calc, and I would wager that it also doesn't on Excel.
Re: (Score:2)
Uh, isn't that technically correct behavior?
if your display can only display n digits but you have n digits of 9 and the n+1 digit is higher than 5 it should round up the entire line. However trunc does not care about what is being displayed so it should simply drop the fractional.
in other words if n (number of digits after the decimal displayed) is 3 and internally the number stored is 2.99999 then the display should display 3.000 but trunc() should display 2.000
Re: (Score:2)
No, it isn't. It was just for the visual effect of having the ".00" added, but the same thing happens with no forced formatting. Actually, I think that number formatting is not taken into account by Google Apps when doing actual calculations, not just displaying numbers.
Re: (Score:2)
Of course it's a bug. log10(1000) is 3, so truncating it should yield 3. Unless, of course, the specification very clearly states that operations are implemented using some kind of arithmetic that produces a different result. But, in that case, I don't want to use the software.
Re: (Score:1)
Of course it's a bug. log10(1000) is 3, so truncating it should yield 3.
Oh, there he goes again, making sense!
Re: (Score:1)
Natural vs. decadic logarithm (Score:1)
log(1000) / log(10) gives 2.99999999999999956 in double precision, i.e. google probably doesn't use the decadic log function (i.e. log10) in its implementation, but the natural logarithm instead.
Re:It's nothing, Shroedinger's logarithm beats tha (Score:5, Funny)
You sure that isn't just an Excel compatibility feature?
Re: (Score:2)
I believe the answer of 2.0 is correct.
trunc() is not int(), it is more like floor(). It truncates the value to not the nearest but the lower integer value. Therefore, trunc(2.999999999) is 2 (integer), not 2.0. OK, you want to format it with decimal places, the answer is 2.00.
I believe int(2.999999) will result in 3 as it is documented as a rounding operation.
Note: I have no idea what the specifications for Google spreadsheets might be. However, if they are compatible with the implementation of int, tr
Re: (Score:2)
It would be all correct and perfect in the context of a programmer's work and when I'm programming (especially at a low level, with no access to arbitrary-precision math libraries etc.), I do indeed expect such results. But when I'm using a spreadsheet, I expect it to take care of such details, because they're irrelevant in this context and must not ever be exposed to the user.
Now, I noticed that even in Python log(1000,10) does return 2.(9) - but log10(1000) returns 3. For a programming language, intended
Re: (Score:2)
The problem is that due to floating point inaccuracies, log10(1000) is actually 2.999999999 and not exactly 3. It is rounded and shown as 3, but when you truncate it, you get 2.
moral of the story: Don't use trunc.
Re: (Score:2)
I'll repeat what I said in another reply: I am aware of the floating point representation problem, but Google Docs doesn't give any clues on what the problem is and where it is, it shows two "3.00"s that trunc() to a different value, not a "2.999999..." or "2.(9)" or whatever else might be appropriate there. Basically, it claims that the value of an expression is X, but still treats it as Y, silently. While that was a simple and somewhat obvious example (I mean, for us - it's more than enough to confuse the
Re: (Score:2)
Not a bug - trunk always rounds down, so can be .999999 out easily. log(1000) is 2.999999 recurring on most spreadsheets, so it's doing what you're telling it.
For more accuracy round don't truncate.. or even better don't do either and let the formatting handle it.
Re: (Score:2)
I'm afraid there are some real use cases where a properly calculated, truncated logarithm value is actually needed as an intermediate step in a more complex expression, so the formatting isn't going to help. And most spreadsheets handle this situation much better, feel free to read my other replies in this thread to see why and how.
Re:It's nothing, Shroedinger's logarithm beats tha (Score:1)
Google's Right (Score:5, Insightful)
Since nothing on the Web is secure anyway, what's the problem? If it's an important secret keep it off the Web.
Re: (Score:2)
Or just don't rely on free services and host your own apps.
Re: (Score:2)
When your corporation decides to move it's data processing to Google Apps, there is an expectation that your company's data remains private.
Re: (Score:2)
And what penalties does Google agree to pay when your data do not remain private?
Re:Google's Right (Score:5, Insightful)
Re: (Score:1)
While I agree that just about nothing on the web should have expected privacy, the statement on third party software is entirely baseless. Almost every corporation on the planet relies on third-party applications in some form, as I'm almost certain that the Mexican food restaurant not far from my house didn't write their own operating system for the computers they use and just did a very very good job at making it look like Windows XP. Rather, that probably is Windows XP, third-party software made by a thir
Re: (Score:1)
If you put anything on the net, that expectation is futile. Regardless of any written policy. It is simply impossible to verify. On the internet, there will always be the matter of trust [youtube.com].
Re: (Score:2)
Re: (Score:1)
This same "argument" comes up with every Google story on here. I really want to know just how many companies are out there that have this super-secret information that they turn over to some Web 2.0 company?
Then again, it's probably just another Slashdot meme with no basis in reality. A company doing such a thing (too cheap to spend a few bucks for their own Google Apps box) deserves whatever becomes public.
Re: (Score:1, Funny)
Hey, good point! And did you ever notice how many people send emails they don't want to become public, too?
Not me anymore, though, nosiree! In fact, I'm gonna take my entire email system offline right now.
Oh, wait...
Re: (Score:1)
Re: (Score:2)
> In that case please email me your slashdot password.
Just grab it off the Slashdot site.
Re:Google's Right (Score:5, Insightful)
Personally, I don't trust any of my documents to others to take care of. I like my stuff behind firewalls and not sitting directly on the on ramp to the Internet (had to get a car metaphor in somewhere). Mind you, I think this type of model will continue at least for a while if not forever, no matter what happens. People growing up now-a-days don't think as much about what personal information they post on the Internet, why would they care if their personal documents are managed by someone else that they don't know (other than a corporate logo).
Re: (Score:2)
"When you trust your company's information to Google, you can be confident that your critical information is safe and secure."
Safe and Secure can mean many things. Maybe they're safe and secure from being lost forever in a harddrive crash. Maybe they're safe and secure for viewing anywhere with an internet connection. Marketing quotes don't mean all that much when it comes to technical specs.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Since nothing on the Web is secure anyway, what's the problem?
To use a car analogy: Anybody can break the window of your car, so why bother locking it?
There's insecure and then there's insecure because of a stupid oversight. The problem is that it's easily fixed and should be.
Here's how Gogle should respond (Score:2, Interesting)
My submission is that Google should respond in a classic Linux/KDE/Gnome format as follows:
"While we acknowledge receipt of your concerns, the points raised are a feature of our product(s) and not bugs. Google takes security and privacy seriously and are committed to ensuring that all our users continue to enjoy products and services we provide."
Or even better, they should label these so called security feature with a tag: "Won't fix." I know I will tagged a "troll" but I must say this: The "Won't fix" labe
Re: (Score:2)
Re: (Score:2)
> My submission is that Google should respond in a classic Linux/KDE/Gnome format... ...
>
> GNOME score: 121, KDE score: 43.
Where are your numbers for Linux?
Re: (Score:1)
Why are you griping about GNOME and KDE here?
The "wontfix" tag is generally taken to mean that the bug is not a problem that needs to be fixed. This might arise because the submitter has been misled by poor documentation. More often it is because the submitter wants the software to behave differently from what it does at the moment (eg. "the flight simulator in OpenOffice Spreadsheet doesn't work").
If there is a lack of expertise, usually a "help"-type tag is used, never "wontfix". If "help" is unavailable
Re: (Score:3, Informative)
FYI, "wontfix" is used on a routine basis for fedora.
They also have "notabug" "notourbug" and "worksforme"
Google's own position on this (Score:4, Informative)
Re:Google's own position on this (Score:4, Funny)
...that's the third link in the summary.
Oh! We're attempting to get people to RTFA by reposting it in the commentary and pretending it isn't TFA, are we? ;)
Re: (Score:2)
Business Security (Score:4, Insightful)
If anyone hosts anything more important than their grocery list on someone else's servers, then they deserve the inevitable security breaches that will follow. The entire nature of Google Docs (hosting your data on someone else's servers) is a security concern.
The only way Google Docs isn't the dumbest thing your business can do is if your business uses the software on your own LAN/VPN, and hosts your own data on the same.
There should be a Darwin Award for businesses, if there isn't already.
Re: (Score:3, Insightful)
``If anyone hosts anything more important than their grocery list on someone else's servers, then they deserve the inevitable security breaches that will follow. The entire nature of Google Docs (hosting your data on someone else's servers) is a security concern.''
This is true, but that doesn't mean it's actually a bad idea. The thing you have to ask yourself as a decision maker is: how much control do I have over my own company's computers, how competent are my admins, etc. etc. Then you ask the same quest
Re:Business Security (Score:5, Interesting)
I did some consulting a while ago for a company which had a senior manager (I can't remember his actual title; the boss / owner's second in command) who kept the customer database on a USB flash drive. This was stored as an Access database and was completely secure, because it was always carried with him and only inserted into a computer when someone needed to access it.
Completely secure, of course, until he decided to go into business by himself, and emailed all of the company's customers with a quote for their business at a slightly lower rate than they were currently paying, and some quite unprofessional comments about his former employer.
You can't have absolute security, but it seems a lot of people are very bad at working out exactly how much security they really do have. In many cases, it's a lot less than they think.
Re: (Score:2)
That's why we always host our sensitive documents on our own servers, with a robots.txt to ensure no search engines index them. Just wanted to show my agreement with your excellent advice!
Re: (Score:1)
From Google Apps terms of service:
I really want to see password protected documents (Score:5, Insightful)
Yeah I know you need my google account to compromise the document in the first place but that's only one level of security, considering some of the things I have on google docs a second level really would be appreciated.
Re: (Score:2)
Why not encrypt them in the usual way, then upload/download them?
Existence of the document? (Score:3, Funny)
Wow, that's pretty cool really. If I guess the URL I can see images that don't even exist?