
Title: Google Docs Design Flaw May Fool You Into Making Your Docs Editable by Anyone
Source: Wired
URL Source: http://blog.wired.com/business/2009/01/google-docs-des.html
Published: Jan 22, 2009
Author: Michael Calore
Post Date: 2009-01-22 15:39:01 by A K A Stone

If you're currently sharing spreadsheets, documents or presentations using Google Docs, go double-check the permissions settings of those shared docs right now.

Wired.com has discovered a design flaw in the web app's user interface that could lead users to mistakenly open up their docs to editing by anybody on the internet.

Funny thing is, we found out about it the hard way.

A co-worker of mine discovered Wednesday morning that the Wired Tech Layoff Tracker, a spreadsheet we're sharing with all of you using Google's free service, had been changed. The name of the reader who had edited the doc wasn't known to my co-worker, and he certainly hadn't knowingly given edit permissions to anyone outside Wired.com.

Thankfully, our hacker was a benevolent fellow who immediately notified us he had been able to edit our shared document. Thanks to him, we were able to correct the exploit before anyone else could fiddle with our spreadsheet.

The problem stems from a confusing bit of interface design in Google Docs.

Check out this screenshot:

[Screenshot: the Invite People tab of the Google Docs sharing pane, with sections A and B labeled in red]

This is what you see when you choose to share a spreadsheet within Google Docs. (The red labels are my own). Shown is the Invite People tab, where you can add e-mail addresses of people you want to let view or edit your doc. You can also set permissions as you invite them, by clicking on the To Edit or To View radio buttons. I've labeled it section A.

At the bottom, in section B, are the Privacy settings, with three more radio buttons. The options are clear: You're choosing whether to let people edit or view the document without signing in, something that requires a Google account.

What's not clear is that in this instance, "people" in section B refers not to the people you've specifically invited in section A, but rather everyone on the internet.

Here's the next tab in the Sharing pane, People With Access:

[Screenshot: the People With Access tab of the Sharing pane, with sections A and B labeled]

Again, you have a list of permitted users and their preferences in section A, and an Ajax-powered menu in section B that lets you allow "people" to edit or view the doc with or without signing in.

As before, the way section B is worded, it's not clear "people" means everyone on the internet, not the list of people up in section A.

You can probably guess we had set our permissions to "Let people edit without signing in," which is what left us exposed. Why would we choose that setting? We simply wanted to lower the barrier of participation for everyone in the newsroom.

There are a few people working here (I won't name them) who don't trust Google and don't want a Google account, and therefore wouldn't add anything to our Layoff Tracker if we required them to sign in. Since we value their input, we left the option open, thinking we were only applying those privacy settings to our own approved invitees.

Some of you are probably reading this and thinking, "Duh!?" Maybe it's totally clear to you that the options in section A and section B aren't related, but it wasn't to us. Look at how those tabs are laid out and labeled, and it becomes easy to see how other users would make the same mistake we did. Even if it's a low number of users — say 10 percent — that's a big design flaw.

If you're currently sharing anything in Google Docs with the "Let people edit without signing in" option, be aware that your documents are about as secure as public wikis, especially if they're embedded in an HTML page or linked to from a public website. We recommend changing the settings on each shared document to "Always require sign-in." Also, update your notification settings to send you an e-mail whenever a document is edited by anyone.
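The check recommended above, as an added example that is not part of the original article or any Google code: it models section A (the invite list) and section B (the privacy setting) as independent controls and flags documents an anonymous visitor can edit. The record layout, the "view" option label and all sample data are assumptions constructed for illustration.

```python
# Added example: models the two independent controls the article calls
# section A (invite list) and section B (privacy setting). Record layout
# and the "view" option label are assumptions; all data is constructed.
from dataclasses import dataclass, field

RANK = {"none": 0, "view": 1, "edit": 2}

# Section B options -> access granted to ANYONE on the internet.
PUBLIC_ACCESS = {
    "Always require sign-in": "none",
    "Let people view without signing in": "view",   # label assumed
    "Let people edit without signing in": "edit",
}

@dataclass
class SharedDoc:
    title: str
    privacy: str                                   # section B setting
    invitees: dict = field(default_factory=dict)   # section A: email -> "view"/"edit"
    publicly_linked: bool = False                  # embedded or linked from a public page

def effective_access(doc, email=None):
    """Access for a visitor; email=None means not signed in."""
    invited = doc.invitees.get(email, "none") if email else "none"
    public = PUBLIC_ACCESS[doc.privacy]
    # The invite list never narrows the public setting; the higher one wins.
    return max(invited, public, key=RANK.__getitem__)

def audit(docs):
    """Return (title, severity, fix) for docs an anonymous visitor can edit."""
    findings = []
    for doc in docs:
        if effective_access(doc) == "edit":
            severity = "high" if doc.publicly_linked else "medium"
            findings.append((doc.title, severity, "Always require sign-in"))
    return findings

DOCS = [  # constructed sample records
    SharedDoc("Layoff Tracker", "Let people edit without signing in",
              {"editor@example.com": "edit"}, publicly_linked=True),
    SharedDoc("Soccer schedule", "Let people view without signing in",
              {"coach@example.com": "edit"}),
    SharedDoc("Budget", "Always require sign-in", {"cfo@example.com": "view"}),
]

if __name__ == "__main__":
    for title, severity, fix in audit(DOCS):
        print(f"{title}: anonymous edit allowed ({severity}); set '{fix}'")
```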

I spoke with two representatives from the Google Apps team on the phone Wednesday afternoon, and they assured me Google has not heard of any instances where other users are getting tripped up by these privacy settings. (That's not to say docs aren't being exposed; it just means nobody's reported untoward activity.) The representatives did agree, however, that the interface was poorly worded and merits review, so they passed along our feedback to the rest of the Google Apps team.

Something else they stressed is that there's a big difference between using Google Docs to share your kids' soccer schedule and using it to share corporate data, which is why the company places tighter controls on its app offerings for small businesses. Google Apps Premier Edition, a commercial cloud-based service ($50 per user per year), gives admins the ability to authorize users within a specific domain space — meaning users in your organization can be given permission to edit docs privately without logging in through a Google account.

The free version of Google Docs has been criticized for being lax around both security and legal issues, but as our little mishap proves, sometimes the weakest security link is the end user.

What do you think about Google Docs' security, especially when it comes to how "foolproof" the app is? What about collaborative, cloud-based services in general?

We'll update this post if Google makes any changes to this part of the app's interface.
