I have another problem with the service, I emailed myself a document (google provides several ways to upload documents, you can give it a link, upload a file, or email a file)
I emailed mysef a PowerPoint file this morning, every 30 minutes I keep getting the same document added to my account, it's stuck in a loop of some kind and it's broken
see image: http://img217.imageshack.us/img217/8488/picture1mk3.png
And google docs view: http://img63.imageshack.us/img63/2863/picture2ea1.png
I have no idea how to make it stop.
[TinyURLs expanded] |
> I have no idea how to make it stop.
Hi Achille,
Post a message on the groups and someone from Google with manually kill that for you immediately: http://groups.google.com/group/Something-in-Writely-is-Broken/topics?hl=en It's a rare but known bug with a fix coming out soon.
|
tony & I think the security hole has been fixed. I'm gonna contact Google to get a confirmation. |
Tom, you're right --
Update: Google informed me that the bug is fixed. My tests show this seems to be the case indeed – I can’t reproduce the privacy vulnerability anymore. |
Fast response. This demonstrates why Goog is better than MSFT |
Fast yes... anyway I have gathered 420+ mail addresses with that flaw :-/ I could have been worse |
TOMHTML Just remember, "Don't be evil" with those email addresses 8-)
Thanks for catching this and other bugs before I started really using Google Docs. Now if only they could get rid of the "all entities have a public URL" even if it's not shared. Really, I think this is only a Picasa problem, though. Still, any kind of security through obscurity irks me.
|
> This demonstrates why Goog is better than MSFT
No. This just demonstrates they are younger. ;-) Microsoft was like that in their time too. |
The flaw is still there, somehow. You just have to be on the chat, and use "Firebug" extension for Firefox, then listen HTTP request and you will see e-mails... |
Oops!
I guess that's a bit more obscure but they really have no excuse to be passing email addresses in the HTTP requests! |
I wasn't sure and my friend Yoann confirms that it as been fixed too recently.
now it looks like too 0060 76 37 63 6b 7a 70 67 6b 63 5f 37 39 68 70 36 34 v7ckzpgkc_79hp64 0070 6e 78 40 77 72 69 74 65 6c 79 2e 61 70 70 73 2e nxwritely.apps. 0080 74 61 6c 6b 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f talk.google.com ... |
Sorry, I was wrong, it hasn't been fixed.. (I added breaklines)
c2 190 [[10,['339AE4016723C8F7',["rp", "ajgv7ckzpgkc_79hp64nxwritely.apps.talk.google.com/ ajgv7ckzpgkca_ft7tvwm_B6ECA3FC","tomhtmlgmail.com/ TalkGadgetD8634481","a",,"TOMHTML (Vrai-Nom.com)"] ]] ]
Yoann get that and I said nothing ;-) |
Does that even work with a hidden Iframe? And what exactly does it reveal – only the email, or also the full name? |
Well, this is kind of related. But if you enable chat history saving in Gmail, it saves all your Google Presentations chats with the email addresses of everyone you were chatting with except the Presentation creator. |
Philipp: it works in a "hidden iframe" as you said, and as you can see in my extract above, there is my email and my pseudonym |