Comments on: Google: Security Mishaps and User Trust

By: Warning: Google Docs Is NOT Safe « Legal Andrew - law for the rest of us

Warning: Google Docs Is NOT Safe « Legal Andrew - law for the rest of us — Fri, 12 Oct 2007 02:33:58 +0000

[...] be inherent in Google’s architecture. For a great background on some Google holes, check out TechCrunch’s security summary, even though it’s almost a year [...]

By: » Google: Can users trust it with their data? | Digital Markets | ZDNet.com

Tue, 22 May 2007 22:30:44 +0000

[...] Michael Arrington notes “security mishaps” that have adversely affected Google and its products and services saying Google hopes: to convince a lot of individuals and businesses to trust Google enough to store their documents on Google’s servers instead of their own computers, or servers under their control. [...]

By: Weekly Weblog » So Google Admit They are Eating Dogfood

Weekly Weblog » So Google Admit They are Eating Dogfood — Sun, 26 Nov 2006 05:37:55 +0000

[...] Does Google getting sensitive today? When I check their buzz today, the latest articles that tickle my eyes are: dogfood. So what the relation between sensitive and dogfood? After a bit reading, now I become surprised. Michael Arrington at Techcrunch.com write about security ‘incident’ around Google, looking for some leaks that Google ever made. [...]

By: Techcrunch » Blog Archive » Google Pulls Click-to-Call

Techcrunch » Blog Archive » Google Pulls Click-to-Call — Tue, 21 Nov 2006 19:53:05 +0000

[...] Not to take this too seriously, but it does bring to mind previous conversation we’ve had here about the importance of security if Google is going to convince the world to use its hosted office productivity applications. Google Sphere It [...]

By: Google security blunders at InfoSecPodcast - Your Information Security source.

Google security blunders at InfoSecPodcast - Your Information Security source. — Thu, 02 Nov 2006 19:29:41 +0000

[...] Michael Arrington over at TechCrunch posted a list of security problems that Google has had in the past. They are no different than any other enterprise when it comes to security matters. Everybody has issues but the important thing is to acknowledge and address them efficiently. [...]

By: Roberto

Roberto — Tue, 31 Oct 2006 06:56:09 +0000

If we all wait for Google to repond to an enquiry, we’ll be waiting a very long time. For a Company concerned with Communication, it sucks at it!
At least Blogger is trying - very trying.
By the way, I couldn’t see two of the Images posted here. Maybe Blogger needs to see that, too. I’ve done no good reporting the problem of vanishing photos.

By: tammi

tammi — Fri, 27 Oct 2006 17:10:45 +0000

I may be way off base…..blame it on the blonde,if you will…..but I thought Google and Blogger were one in the same.
Sorry…..
A confused blogger,
Tammi in Texas

By: Techcrunch » Blog Archive » Google Alerts Adds Blogs to News Search

Techcrunch » Blog Archive » Google Alerts Adds Blogs to News Search — Fri, 27 Oct 2006 01:50:39 +0000

[...] It seems strange to me that there isn’t a one click method to add blog searches to Google Reader from inside the blog search pages, that the atom and RSS links still take you to a page of XML and that email is the method of tracking blogs that’s being offered. If I had read about this new feature in my feed reader it wouldn’t have mattered that the Google blog was down. Except that it does matter because Google is trying to make a huge online office play in the face of repeated security and service shortcomings. Can you imagine if a major business initiative of yours rested on the stability of Blogspot? As wonderful as Blogger is, I don’t envy anyone who relies on it. [...]

By: c

Thu, 26 Oct 2006 00:57:05 +0000

Compare this to most other companies?

By: raomas

raomas — Wed, 25 Oct 2006 14:28:41 +0000

i like

By: JM

JM — Sun, 22 Oct 2006 19:40:58 +0000

People go on about trust and security, meanwhile you’ve got piles of your documents stored as attachments on gmail, hotmail, yahoo, etc.

Either in your “sent” box, or in the mailbox of whoever you sent the documents to. So what’s the big deal? You’ve all been storing documents online for years, now you can edit them.

By: Daily Network Management Links for 2006-10-19 - Network Management Evolution - Because change is inevitable

Thu, 19 Oct 2006 14:24:12 +0000

[...] Techcrunch: Google: Security Mishaps and User Trust “The fact that unauthorized document access is a simple password guess or government “request” away already works against them. But the steady stream of minor security incidents we’ve seen (many very recently) can also hurt Google in the long run. Running applications for businesses is serious stuff, and Google needs to be diligent about security.” [...]

By: Facts Grant » Late breaking news

Facts Grant » Late breaking news — Thu, 19 Oct 2006 09:01:35 +0000

[...] That scenario may give some prospective users pause, a surprising thought considering the heavy usage and trust people put in Google’s search results. Michael Arrington at TechCrunch speculated on what could possibly go wrong in the Google-centric model: [...]

By: Numbuchu » Late breaking news

Numbuchu » Late breaking news — Thu, 19 Oct 2006 05:03:13 +0000

By: Nathan Friedly

Nathan Friedly — Thu, 19 Oct 2006 01:44:48 +0000

The thing that gets me the most about google is that their google hosted email service doesn’t work nearly as well as plain old gmail. I set it up for one of the companies I work for and they just plain stopped receiving part of their email. It didn’t go to the spam folder or anything, it just disappeared.

On top of that there were a number of stupid little bugs, one in box claimed to be 100% full when it was in fact using no more that 5% of the allowed 2 gigs. Another just ran incredibly slowly for no apparent reason. Email’s took 8+ hours to come in, and the interface had a good 60+ seconds in between clicking something and seeing any discernible result.

They did fix the slow inbox and respond to *some* of the other complaints, but disappearing email is a show stopper and they didn’t respond to that.

And I’m not the only one with trouble: http://www.456bereastreet.com/.....ing_gmail/

By: Bob

Bob — Thu, 19 Oct 2006 01:34:15 +0000

Its about ownership. When you have a doc on your machine or on a thumb drive or (if your a company) on a server behind YOUR firewall, its yours.

Even an UNSUCCESSFUL hacking attempt can be prosecuted.

When you docs are on Google servers, you legally have no ownership rights to that document and can be denied access or have the document shared for many reasons or mishaps beyond your control.

I admire google for trying this, as most people dont even trust big companies with their phone numbers and social security number and addresses (because those companies always lied or ommitted the usage and sale of such data)

So I think its a big leap of faith that anyone would trust them with whole archives of documents sensitive or not. Its really a big brother move and as bad as MS Office is, I dont see this working without some new security technology in play.

By: Dave Sherratt

Dave Sherratt — Thu, 19 Oct 2006 01:27:46 +0000

Hmm i don’t seem to have undergone any of these mishaps guess it will happen thow

By: ffextensionguru

ffextensionguru — Wed, 18 Oct 2006 21:44:09 +0000

Hmm…glad I don’t do Blogger any more. Was not thrilled when Beta required me to register for a ‘Google Account’

By: Julia French

Julia French — Wed, 18 Oct 2006 20:51:46 +0000

I still have no email…anyone out there have an idea as to how I can get Google’s attention - send it if you do….

By: alan

alan — Wed, 18 Oct 2006 19:42:44 +0000

@ Julia French

Welcome to the downside of Software as a Service

For the foreseeable future I think companies will have to keep some capability and data in their own systems, as ASP / Webservices are just not robust enough for most B2B plays.

For what its worth my advice to clients is to have (at worst) a 24 hour response (depending on system criticality obviously) but that you can operate for 2 days without access to the service, that seems to be a robust time for any decent service provider to get back up to speed.

By the way, having run real time systems and real time system companies I can tell you that its a nightmare when that happens, I feel some sympathy with the Google team trying to rectify it.

By: /pd

/pd — Wed, 18 Oct 2006 19:40:14 +0000

Interesting certain comments just varnish from this site !!

By: Phil Freo

Phil Freo — Wed, 18 Oct 2006 19:36:32 +0000

I noticed a security flaw in Google Calendar:
http://www.philfreo.com/blog/?p=2

By: Phil Freo - Website Design, Development, & Blog - Jacksonville/Gainesville, FL

Wed, 18 Oct 2006 19:34:45 +0000

[...] Google has been doing a great job innovating lately through the integration of their products (Docs and Spreadsheets, Calendar and Gmail, etc). This integration, however, has not come without security issues arising. TechCrunch has covered several of them - but I believe I have found another… [...]

By: Old Buck

Old Buck — Wed, 18 Oct 2006 18:55:47 +0000

Kudos for informing/reminding people of the potential consequences of the ever possible security breach. No company is perfect, and unfortunately the laws covering the accidentally release of information and disclosure of such events to the data owners are extremely weak in this country… you can’t rely on being informed if/when a breach occurs. Google offers a wide range of different services which, when used, can acquire a wide range of sensitive information… the vast majority if not all of which is tied together not only through account login, but also through casual contact with google servers via the user’s GUID cookie (and to a degree possibly their IP address). There could literally be years worth of collected and associated information stored on google’s servers. So think not in terms of “these particular documents could be at risk” but “all the information we’ve ever directly or indirectly submitted to google could be at risk”. A dossier is more than the sum of its parts.

By: sourabh niyogi

sourabh niyogi — Wed, 18 Oct 2006 18:47:27 +0000

The whole system of username-password protection is a complete joke. This is how 99% of the world gets to their web service, from Etrade and Intuit down to Google, Myspace, YouTube and JoeWeb20r.com. There are millions of mysql databases out there with approximately nothing but a “Select UserName, Password from Account” to protect them. JoeWeb20r.com’s programmers not given the incentive to spend the time to do whatever Intuit, Etrade etc. do. JoeWeb20r.com (who you gave your username-password-petname combo to last month) got its development done for $500, remember?

Some people are using the same password on Flickr/Intuit/Etrade/etc. as on JoeWeb20.com (and YouTube, and Myspace, and Google XYZ). People don’t use password managers unless someone makes them. When JoeWeb20r.com gets hacked (or its “assets” get on eBay), someone is very close to getting access to Jack’s Etrade account, with disastrous consequences. Joe’s “d’oh!” doesn’t help Jack with the disaster. Its the group’s problem.

Who knows whether Google XYZ service (or YouTube or MySpace) is more like ETrade or like JoeWeb20r.com, but you can bet that there are some programmers on staff who in the course of getting 0.8 together put encrypting the password or sessionid on their “Nice To Have” list. Don’t fault them for being lazy - they are only human.

When the security breaches happen at Big Business, maybe someone loses their job (big deal), but the lawsuit that follows doesn’t work — the lawyers get >> $10M and the people with the disaster get $50 bills (or is it Adwords credits now?), and Big Business regards it as a cost of doing business, a “tax”. It doesn’t matter if its your emails and search history, GM pension plan, SUV defect, or Vioxx — The value system with regards to your life is: Big Business is more important than You, Human. Everyone for themselves! Life is a risk. Take it!