On Google Security (View post)Mathias Schindler | Tuesday, January 16, 2007 18 years ago • 6,870 views |
I just watched the pilot episode of Jericho (from CBS). (story in a nutshell: a series of atomic bombs blow up the US, the series describes how the brave people of Jericho, Kansas deal with this.
(Post)-Apocalyptic movies might include a general failure of the Google security concept in their feature list (as part of a general "how we lost our identity"-story line). |
Anonymous | 18 years ago # |
My Gmail account got burned (inbox deleted but recoverable, address book deleted and unrecoverable, mysterious email sent to most recent sender) by someone exploiting this weakness on Sunday morning. However, this happened the morning after I installed Yahoo Widgets and downloaded a Gmail notifier widget. |
/pd | 18 years ago # |
Philipp, this is so true. THe more services that depend on the google account (Which appears to be the risk mngt strategy) for google, the more it exposes users to risks.
I think that certainly google has a robust security protocol. however having seen the number of issues that you have posted, thus the comunity is forced to ask, what is google doing to ensure that the WEBOS is really really safe for its users. Afterall, I am willing to pay for this type of serivce and also security...
MAthias sez it best " how we lost our online identity" ? this is very important point as this is "indentity theft" – this space is only getting bigger and bigger. google needs to address the issues.
However, after saying all that, all apps / services and companies will face the issue, so let just beat on poor google :)_ |
Matthew | 18 years ago # |
See Michael's 3 tips:
http://weblogs.asp.net/mschwarz/archive/2007/01/16/how-to-surf-the-internet-more-safely.aspx
|
Christian Asmussen | 18 years ago # |
While solving this problem, Google should also remember to foresee the similar problems that will arise when Client-side session and persistent data is used... |
JohnLKnight | 18 years ago # |
This is all rather esoteric for me, but thanks for highlighting and pursuing this issue. It needs to be made public and discussed and with their profusion and confusion of products, google needs to take these issues even more seriously than ever.
Thanks again to you and the posse who are vigorously interrogating this issue. |
Niraj Sanghvi | 18 years ago # |
Could this be the reason that some services requiring more security (such as Adsense accounts) haven't been brought under the Google Account umbrella? Since this way a compromised cookie will expose your Google Account services, but Adsense (and I believe some other services) require a separate sign-on. |
Philipp Lenssen | 18 years ago # |
Niraj, actually AdSense is under the Google Account umbrella... when I delete all my Google cookies, then go to Google.com and hit "Sign in", and after signing in, I enter adsense.google.com, I don't have to sign in again. (On some Google Account services tho, like Google Analytics, you have to provide your password again...) |
Tony Ruscoe | 18 years ago # |
AdSense accounts aren't linked to your Google Account though, are they? My Google Account and AdSense passwords are different. (I've even asked them to link the two but they said they couldn't and were working on it...) I always have to sign in to AdSense unless I've already signed in that session. |
Philipp Lenssen | 18 years ago # |
Tony, I can delete all my cookies, then sign in to Google.com, and then go to AdSense. I will not have to sign in again, it will automatically show me my AdSense traffic + revenue numbers. I just tried again. And AdSense is also listed on my Google Accounts page under "my services". I guess I have a different version or once agreed to merging the two... |
Tony Ruscoe | 18 years ago # |
How strange. That's probably it though. I have it under my Google Accounts page too but never finished the application because Google told me it wouldn't work because I already had an AdSense account setup using that email address. When I setup my AdSense account, they had stricter rules on passwords than Google Accounts – like you have to include at least one number – so maybe that's the problem they've got with merging some accounts... |
Niraj Sanghvi | 18 years ago # |
Yes, I have the same situation as Tony, where there were stricter password rules and I could not merge the accounts (even though I still use my google email to login to adsense). So to this day logging into gmail or google groups logs me into all my services except adsense.
So I guess it was just coincidence or an account merging issue and not a security feature like I suspected :) |
Milly | 18 years ago # |
"Let me start out by saying that I think Google’s security, past and present, is very good. HTML injections are very common on many websites, but very rare on Google’s server.[...])"
I understand the (wider-than-Google) context of what you say, and that you're trying to make that clear from the outset. But I think "very good" and "very rare" is putting it too strongly, Philipp.
Google has been suffering from many of these type of flaws for many years now (which is to say Google users have been, actually and potentially) :-
http://net.nana.co.il/Article/?ArticleID=155025&Action=Print&sid=127 http://jibbering.com/blog/?m=200410 http://www.elhacker.net/gmailbug/english_version.htm http://www.google.com/search?q=google+security+bugs+OR+flaw http://news.google.com/archivesearch?q=google+security+bugs+OR+flaw&sa=N&lnav=m&scoring=t
And others have long been making similar points about Google services' architecture and design (apparently to no avail).
"Very good" by comparison with "many websites", perhaps, but I expect Google would (rightly) claim a much higher standard. As the rest of your excellent post illustrates, I find it hard to believe Google couldn't have done better, and couldn't do so now.
How about: "Let me finish by saying that I think Google’s security, past and present, is not nearly good enough"? ;)
I sure there are lots of formal rules and safeguards and procedures in place to try to stop such flaws reaching the public-facing services. But maybe some Googlers should use some of their 20% time to form a cross-discipline team of in-house hackers, to pound on *other teams* projects before and after release ... |