Another Odd Post To An Official Google Blog Raises Security Concerns

Accidental Post To Google's Blogger Buzz

Does another odd post to one of Google official blogs mean Google losing it in terms of security? It spurred Michael Arrington to fire up a list over at TechCrunch of other security issues, a couple I wouldn't agree were breaches. But I can add to the list as well, and there's no doubt these type of things hurt Google when during its expansion, it needs all the goodwill and trust it can get.

Yesterday, Google Blogoscoped wrote about a strange post on Blogger Buzz, the official blog for Google's Blogger. It turned out to be a case of someone who writes for the Blogger Buzz accidentally posting something meant for her personal blog on Blogger to the official one.

I can completely sympathize with this. About two weeks ago, I posted something to the Search Engine Watch Blog that I meant for my personal blog Daggle. Both use Movable Type, on completely different systems. But I had browser windows open to both of them and just picked the wrong one.

Unfortunately, the mistaken post (which is still up on Blogger Buzz for me) comes about a week after the Official Google Blog was hacked with a fake post. Add that to some other things, and people might be getting worried.

That's certainly Michael Arrington view at TechCrunch. He writes:

The fact that unauthorized document access is a simple password guess or government “request” away already works against them. But the steady stream of minor security incidents we've seen (many very recently) can also hurt Google in the long run. Running applications for businesses is serious stuff, and Google needs to be diligent about security.

Another minor incident came up this evening - a Google employee intended to post on her personal blog and wrote on the official Google blog covering Blogger instead....

Google product teams work in cells, which allows them to quickly launch and iterate products. However, there could be a disadvantage to this as well with regard to security, as their does not seem to be one central policy or security group ensuring strict compliance across the entire company. Every security incident damages Google's credibility and reputation. Microsoft has been dealing with security issues forever - Google may need to start fighting the same war.

The post includes eight examples of security incidents since 2004. Some I don't agree with, but others I do -- and there are more not on the list. I posted about these at TechCrunch, but my comments aren't showing yet (and possibly didn't go through properly). Here's what I wrote:

Goodness knows I'm not going to defend them on a lot of this stuff. The repeated problems with Blogger security are becoming absurd. Three strikes on their own blog? But Mike, some perspective is probably in order.

Accidentally released Platypus? Sounds like Philipp has a contact at Google that leaked it to him. I suppose that's a security issue, but it's not really a user security issue. Lumping it in there doesn't feel fair. And if you're going to do that, then any time someone from any company leaks you something, you should be reporting that as a security breach from that company.

Some of the other items are iffy on the user security side. They left stuff in a Writely doc, similar to how they left stuff in that analyst presentation a few months before. Sloppy, yes. Security breach, no. Worthy of concern? Yes, because sloppy there could mean sloppy elsewhere.

To add others to your list:

Overall, I agree with you. These incidents hurt Google's reputation and the trust users may have with them. What I can't tell is how they stack up in trust compared to someone like Microsoft. I suspect they're still well ahead there. But it's not "may need" to fight the war. They're in that war now, and every new app increases their exposure to exploits.