I’m excited about Google Docs.... although there is NO WAY you could convince me to upload my sensitive documents to a Google Server, I’m still very interested in seeing how Google’s Engineers tackle the security issues with online document sharing. Security for online collaboration tools is TOUGH, every online collaboration tool I’ve ever assessed has had major issues.
So I made my way to docs.google.com to see what the hype is all about. I found the link for “Watch a Video” on the login page. I like Google’s videos and this one did not disappoint. About half way through the video (1:60), I saw something that made me put my beer down… a link to a Google Document.
Being the curious sort, I entered the link into my browser address bar. I was surprised to see the following document:
Now, being able to view someone else’s document is pretty bad… but this is a demo… maybe they WANT everyone to see this document… that’s understandable. So what happened next REALLY surprised me… I clicked on the “Edit this page” link, entered my creds… and lo and behold… I had full rights to edit/modify the Oak Tree View newsletter!
I was planning on using the Oak Tree View newsletter to launch my campaign for Mayor of Oak Tree View, but I decided against modifying the page, as I’m not interested in pwning Sam’s pretty little newsletter. I’m sure she’s not interested in what I have to say about Oak Tree View….
Hahahahhaa, ahhahahahah
ReplyDeleteOk, seriously now... Google, please don't disable me and Billy's gmail accounts. We really do love you, but I mean, come on.
HAHAHA!!!
ReplyDeleteExerpt from the most recent Oak Tree newsletter:
"The following resolution was passed at last week's town hall meeting: Oak Tree has formally been renamed to Omg Pwn33ville. Newly elected mayor BK had only this to say about the event; '1m such 4 1337 h4x0r!!1 U b1tch3s h4d n0 1d34'"
There are so many tricks for G-mail, but i think yours is probably the best
ReplyDelete[...] me a lot of the work that Billy Rios has helped Google out with, as referenced here, here, and here. In these examples arbitrary user’s documents could be stolen from the Google Docs [...]
ReplyDelete[...] that some of the more interesting attacks pulled off on Google applications, see Billy Rios and my previous work on Google Docs, get’s only as much coverage as the security researcher who did or did [...]
ReplyDelete