Google Blogoscoped

Forum

More Leaks from Docs

George R [PersonRank 10]

Sunday, March 29, 2009
15 years ago2,259 views

A TechCrunch story by Robin Wauters reports more security issues with Google Docs disclosed by Ade Barkah on his blog "peekay". These are different than the ones we discussed earlier.

peekay: http://peekay.org/2009/03/26/security-issues-with-google-docs/
TechCrunch: http://www.techcrunch.com/2009/03/26/more-security-loopholes-found-in-google-docs/
Google: http://googledocs.blogspot.com/2009/03/just-to-clarify.html
blogoscoped: http://blogoscoped.com/forum/151433.html#id151433

There are several problems. The blog peekay provides demonstrations of them.

He claims that there is no protection for images embedded within a document. Apparently images embedded in unshared docs are available to anyone even after they have been deleted.

He says once a doc is shared images in its earlier revisions may also be treated as if they are shared. You can just change the revision number in the url.

He says that if you unshare a document, in some cases, it may continue to be accessible to others. Should anyone ever really have an expectation of putting the genie back in the bottle?

Philipp Lenssen [PersonRank 10]

15 years ago #

> Apparently images embedded in unshared docs are
> available to anyone even after they have been deleted.

I think it is more precise to say "embedded to everyone who once knew the URL (or somehow got access to it, including through a bug or so)". I.e. images are unlisted and protected by cryptic URLs, but not themselves password-protected. The same thing is true for Picasa Web Album images. This can sometimes lead to unwanted side-effects, for eample: http://blogoscoped.com/archive/2009-02-27-n68.html

Randy A [PersonRank 0]

15 years ago #

There is this from the Google Docs people:

http://googledocs.blogspot.com/2009/03/just-to-clarify.html

I don't like that you have to contact support to have images deleted from your account, but the "security issues" that the "expert" revealed aren't what they appear to be.

Philipp commented on this post, so it has been seen. Just not shared here.

Ionut Alex. Chitu [PersonRank 10]

15 years ago #

Here's the real explanation regarding images: some people use Google Docs to post on their blogs. If they delete the document from Google Docs, it's not a great idea to also delete the images, which are now a part of a blog post.

I mentioned this "bug" in 2007 and it hasn't been fixed since then:
http://googlesystem.blogspot.com/2007/07/google-documents-cant-be-deleted.html

Luka [PersonRank 10]

15 years ago #

Leak from Facebook :

http://img242.imageshack.us/img242/3454/1238390429744.jpg

Forum home

>> More posts

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!