- No protection for embedded images: If you embed an image in a document you have shared with someone, that person can still see the image even after you revoke their access to the document, or delete the document altogether.
- All versions of diagrams are stored and remain accessible: If you have revised a document multiple times and it consequently contains multiple revisions of an embedded diagram, anyone with access to the document can go back to earlier versions of the diagram simply by altering the revision number in the URL.
- Viewers whose access privileges have been revoked can still access documents in some cases: "Even if you unshare a document with a person, that person can in certain cases still access your document without your permission, a serious breach of privacy. For now I’m withholding the mechanics of when/why/how this happens, pending further research and feedback from Google if any."
This is beginning to get tedious. A little over two weeks ago I had a post about another lapse in Google Docs security. Actually, "tedious" is the wrong word: Google's lack of response for five business days is alarming. Ade says,
These findings are based upon my investigations stemming from Issue #1 above. I disclosed this particular issue to Google on March 18. I tend to follow rfpuppy's Full Disclosure Policy and so waited five business days for Google to comment. I've yet to receive any response from Google other than the usual automated, canned reply (which I don't consider a real response). [Update 3/26: I'm now in contact with Google Security.]
Note that Google didn't reply until Ade went public.
This is yet another example of how Google, fundamentally, does not understand selling to the enterprise. First, during the entire two-plus years that Google Apps Premier Edition (GAPE) has been available, it looks like nobody ever did a code walkthrough that considered the possibility of this behavior. (Given Google's branding pitch of hiring only really, really smart people, I find this hard to believe.) Or, if someone did, Google decided it wasn't a risk worth fixing. Second, rather than issuing a quick "Thank you, we're working on it" to Ade for doing their work for them, they ignored the issue until it started turning into a PR fiasco.
When I wrote my first 55-page report on GAPE back in August 2007, I was not kind to Google, saying GAPE was not ready for primetime in large enterprises. Although I didn't say so in the report, frankly, I was figuring Google would fix the issues over time (e.g., embedded e-mail distribution lists, administration by role) and by now it would have a competitive package. Now I'm inclined to think that's never going to happen.